Cyberresearcher ransomware is a devastating virus that threatens to delete all files

Cyberresearcher ransomware is cryptovirus that was discovered by security researchers mid-April 2018 and is based on open-source HiddenTear ransomware. The virus uses AES[1] cipher to encrypt all data and adds .CYBERRESEARCHER extension to each of the files. Users are asked to pay 2.5BTC into a provided wallet address, which is located inside READ_IT.htm file.

Crypto-viruses typically have several stages of the infection process. Firstly, after the malicious file is executed, the payload is released. It modifies various settings inside the system (including registry entries). This allows Cyberresearcher virus to boot up every time the machine is started. Soon after that, the cyber threat locks up all the detected files on the device.

Cyberresearcher ransomware can lock up a variety of files, including .html, .doc, .gif, .jpg, .xlsx, etc. If the file on your computer is called document.doc, it will be turned into document.doc.CYBERRESEARCHER immediately after encryption.

The key which is stored on a remote server by cybercrooks is required to get all the files back. Thus, decrypting data without it becomes practically impossible. The only reliable file recovery procedure is possible from a back-up. Before that, users should undertake Cyberresearcher ransomware removal.

The READ_IT.htm file states the following:

Your files have been encrypted by CYBERRESEARCHERSend 2.5 Bitcoins to [Bitcoin wallet]Your files will be deleted permanently if the Bitcoins are not sent in the next 48 hours

Cyberresearcher authors are asking for 2.5 Bitcoins (around $20k currently) to be sent into a specific wallet. However, the e-mail address that should be used to contact hackers is not provided (typically email is given to users so that could receive the key after payment is done). Thus, it is believed that the virus might intentionally delete all files – work as a data wiper.

The required amount is pretty high, so hopefully, users will get discouraged to pay the ransom. Nevertheless, even if the ransom demand would be small, security experts recommend avoiding paying cybercrooks. There is never a guarantee that hackers will provide you with the promised key. Thus, you might end up not only losing your files but also your money.

Distribution methods of file encrypting viruses

There are few different ways the crypto-virus can get into your PC, like through unprotected RDP configuration,[2] infected installers, fake updates, fraudulent downloads, exploits, etc. But the most prevalent distribution method is via spam emails.

Therefore, it is vital to be cautious when opening emails from unknown sources. Typically, email author pretends to be an individual from a high-profile organization (such as Twitter, Amazon) or even from the governmental institution (tax collector or similar).

There are two main red flags for these type of emails:

the author urges users to open up the attachment or click on a link persuasively

the attachment asks to enable macro function

DO NOT click on anything and delete such emails. You can view several examples online and learn to recognize phishing emails rather quickly.

Naturally, we also advise users to stay away from torrent, file-sharing, cracked software and similar websites. Cybercrooks often inject their malicious payloads into installers and spread them using uncontrolled sites.

Remove Cyberresearcher ransomware from your computer

Security researchers from udenvirus.dk[3] recommend users to stay away from manual Cyberresearcher ransomware removal. The procedure is too complicated for regular users and might result in permanent system file damage.

What to do if failed?
If you failed to remove virus damage using Reimage, submit a question to our support team and provide as much details as possible.

Reimage is recommended to remove virus damage. Free scanner allows you to check whether your PC is infected or not. If you need to remove malware, you have to purchase the licensed version of Reimage malware removal tool.

Log in to your infected account and start the browser. Download Reimage or other legitimate anti-spyware program. Update it before a full system scan and remove malicious files that belong to your ransomware and complete Cyberresearcher removal.

If your ransomware is blocking Safe Mode with Networking, try further method.

When a new window shows up, click Next and select your restore point that is prior the infiltration of Cyberresearcher. After doing that, click Next.

Now click Yes to start system restore.

Once you restore your system to a previous date, download and scan your computer with Reimage and make sure that Cyberresearcher removal is performed successfully.

Bonus: Recover your data

Guide which is presented above is supposed to help you remove Cyberresearcher from your computer. To recover your encrypted files, we recommend using a detailed guide prepared by 2-spyware.com security experts.

Unfortunately, there are few options when it comes to data recovery. Even if some users might think that paying crooks is the easiest method, we highly discourage them doing so. Instead, try the following alternative methods that might work well for you.

If your files are encrypted by Cyberresearcher, you can use several methods to restore them: